The pandemic disrupted traditional workstyles, with many businesses rapidly adopting new technologies to stand up remote work seemingly overnight. Today hybrid work, a flexible workstyle that let’s employees divide their hours between in-office and remote, is becoming the new normal. But with this shift comes new challenges organizations need to address.
According to Shri Kalyanasundaram, Director of Cybersecurity at TELUS, “Traditionally, with the in-office model, everything was connected within the borders of the corporate network and data centre,” he says. “But with hybrid work, employees are moving in and out of the corporate network, using a mixture of corporate and personally-owned devices as well as a variety of cloud-based applications, making employees easy targets for cybercriminals.”
Understanding risks, mitigating gaps
As part of the push to enable employees, many organizations had to roll out new solutions quickly which often meant shortcutting review cycles. “The need to adapt resulted in the rapid adoption of tools and policies that didn’t undergo the standard security vetting that many businesses have in place.” Limited security reviews have had an unintended side effect by introducing changes to the organization's risk posture. The increased security risk makes organizations significantly more vulnerable to cyberattacks.
To best understand your current risk posture and discover any newly introduced gaps, Kalyanasundaram suggests conducting a thorough assessment of the technologies that are currently in place, matching them against the evolving needs of the organization. “It’s time for organizations to revisit the band-aid technologies that were never meant to be long-term solutions. And they’ve got to replace or supplement them with the right tools that can help them securely enable hybrid work for the long-term,” says Kalyanasundaram.
Escalating ransomware threat
One reality the last 18 months have made clear is that ransomware is here to stay and cybercriminals don’t discriminate when it comes to their targets. “Ransomware is obviously the biggest cyber threat facing businesses today,” says Kalyanasundaram. “The increased volume and sophistication of ransomware attacks is having a visible impact on businesses across the country. And there are no signs of a slowdown. Cybercriminals are consistently increasing their levels of understanding and ability,” he asserts. “And they’re well aware of the security risks that have been posed by hybrid work within many businesses and are actively taking advantage of them. A successful attack could have profoundly detrimental and wide-ranging effects. Financially, of course, the impact would be severe. But, beyond finances, the damage that could be inflicted on the business’ brand can be long-lasting.”
Unfortunately, it’s all too easy to find examples of cybercriminals at work. In May 2021, a prominent U.S. fuel supplier was attacked, resulting in a six-day shutdown that left 10,600 gas stations without fuel for over a week before a $4.4 million ransom was paid. More recently in June 2021, the world’s largest meat supplier, agreed to pay an $11 million ransom demand following the compromising of its systems.
Ransomware is estimated to cost businesses in excess of $265 billion over the course of the next decade1. Given the crippling effects and high cost of a successful breach, Kalyanasundaram suggests organizations prioritize rolling out proactive measures to secure their network, data and team members.
When it comes to preparing your business for the new era of work, Kalyanasundaram notes that the best approach to cybersecurity is one that enables your organization to keep pace with the threat landscape as it evolves. What does that look like? After completing a risk assessment to identify gaps, implement the controls needed to close those vulnerabilities. To start, Kalyanasundaram suggests focusing on:
Network, Cloud and Endpoint monitoring
Increase visibility and ensure your environment is monitored 24x7. Since cybersecurity isn’t a 9-5 job, solutions like Managed Detection & Response can help organizations gain peace of mind knowing your environment is protected around the clock.
A hybrid work model often involves devices connecting to (potentially unsecured) networks outside your control. Since every connected device is a potential door into your environment, it's critical to invest in securing this hardware.
Since email is the most common entry point for ransomware, it’s key to have filters in place to detect and block these threats before they’re ever delivered to your team members.
A robust cybersecurity awareness program can help train your team members to spot, avoid and report malicious activity, while also teaching them security best practices to use day-to-day, both at work and at home.
“At the end of the day, it’s about building a culture of awareness at your company and ultimately, recognizing that security is not a destination, but a journey,” says Kalyanasundaram.
As a national service provider, TELUS has a unique perspective on the threats and trends Canadian organizations face today. Whatever your needs are, we have a cybersecurity solution and the support you need now and in the future.
Want to learn more? Check out our on-demand webinar The Modern Workplace: securing the path to hybrid work.